Mastodawn

enjoyed this telnetd analysis. (if you can’t believe anyone has a legitimate operational reason to run telnet, you live in a cozy world indeed) https://labs.watchtowr.com/a-32-year-old-bug-walks-into-a-telnet-server-gnu-inetutils-telnetd-cve-2026-32746/

A 32-Year-Old Bug Walks Into A Telnet Server (GNU inetutils Telnetd CVE-2026-32746)

A long, long time ago, in a land free of binary exploit mitigations, when Unix still roamed the Earth, there lived a pre-authentication Telnetd vulnerability. In fact, this vulnerability was born so long ago (way back in 1994) that it may even be older than you. To put the timespan

watchTowr Labs

Show thread

Glyph 2d ago

@0xabad1dea do you have a specific example of such a legit need? I do not typically think of myself as “sheltered” but this one eludes me

Show thread

abadidea 2d ago

@glyph wander into any factory in the world and you'll find 30yo industrial machinery that's been running the same firmware the entire time and trying to fiddle with it is liable to end the business

Show thread

V 2d ago

@0xabad1dea @glyph For more specific examples: Someone I know had to use telnet to connect to something (a mill or lathe, possibly was just one of each) at a shop she worked in not too long ago.
In uni, I had to use telnet to connect to a telescope for some physics classes.

Show thread

@0xabad1dea @glyph So - not something most people have to deal with day-to-day, but, if you need to communicate remotely with old machinery, it still comes up. A lot of stuff like that works on a 'if it ain't broke, don't fix it' policy.
... Especially if 'fix it' involves hauling parts into orbit, or to the top of a mountain in a remote corner of the country without too much light pollution (yet).